A vulnerability was found in GitBucket up to 4.46.1 . It has been classified as critical . This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala . Performing a manipulation of the argument url results in server-side request forgery. This vulnerability is reported as CVE-2026-13540 . The attack is possible to be carried out remotely. Moreover, an exploit is present. To fix this issue, it is recommended to deploy a pa